Use fw monitor Tcpdump does not always load into the IP stack in the place you expect.
Rick -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 21 November 2007 11:11 To: [email protected] Subject: [FW-1] how to sniff encrypted traffic Hi all, I need to sniff encrypted traffic on my splat now in my understanding i know that ipsec gw to gw is in tunnel mode su I should not be able to sniff on the outbound eth the packet from the clients because this is encapsulated inside the tunneled packet.... but if I use tcpdump on the outbound interface I can see the icmp echo reply if I use fw monitor -p all I can see all the module passed whit the client real ip, but I was expecting to see after the vpn module the packet disappear to me (cose this is encapsulated) How can I do this test? Thanks Paolo Riviello Mob. +39.328.1749468 Home: http://www.paoloriviello.com Msn: [EMAIL PROTECTED] Skype: pao_rivi --I'm a rebel, soul rebel I'm a capturer, soul adventurerSee the morning sun, On the hillside if not living good, travel wide. B.M. _________________________________________________________________ Scarica GRATIS 30 emoticon per Messenger! http://www.emoticons-livemessenger.com/pages/msnit/index.htm Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
